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' AMENDMENTS IN THE CLAIMS : 

\ 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
LISTING OF THE CLAIMS: 

1 . (Currently amended) A method of responding to the detection of an intrusion on a network 
system that provides network services, the network system including one or more attached 
functions and one or more network infrastructures devices , the method comprising the steps of: 

a. using one or more of the network infrastructure devices to monitor monitoring the 
network system for intrusions; 

b. upon detection of an intrusion, identifying one or more sources of the intrusion; 

c. identifying one or more signal transferring e nforc e m e nt devices of the one or 
more network infrastructure devices syst e m associated with the one or more 
identified sources; and 

d. configuring the identified one or more signal transferring e nforcem e nt devices 
with one or more policy changes responsive to the detected intrusion. 

2. (Currently amended) The method as claimed in Claim 1 wherein the step of identifying the 
one or more sources of the intrusions includes the step of identifying a physical address or and/or 
a logical address of each of the one or more identified sources. 

3. (Currently amended) The method as claimed in Claim 2 wherein the physical address 
information is a MAC address or and/or the logical address information is an IP address. 

4. (Currently amended) The method as claimed in Claim 1 wherein the one or more of the 
network infrastructure devices to monitor the network system is s t e p of monitoring th e n e twork 
for intrusions is perform e d by an intrusion detection device function . 

5. (Currently amended) The method as claimed in Claim 4 wherein the intrusion detection 
function device is a centralized network infrastructure device function . 
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6. (Currently amended) The method as claimed in Claim 4 wherein the intrusion detection 
function device is a plurality of distributed network infrastructure devices function . 

7. (Currently amended) The method as claimed in Claim 4 wherein the intrusion detection 
function device is an intrusion detection system. 

8. (Currently amended) The method as claimed in Claim 1 wherein the step of identifying the 
one or more e nforcem e nt signal transferring devices associated with the one or more identified 
sources includes the step of determining the physical address, logical address, or both for each of 
the identified one or more e nforc e m e nt signal transferring devices. 

9. (Original) The method as claimed in Claim 1 further comprising the step of verifying the 
identification of the identified one or more sources. 

10. (Currently amended) The method as claimed in Claim 1 wherein the step of configuring the 
identified one or more e nforc e m e nt signal transferring devices with one or more policy changes 
responsive to the detected intrusion includes the step of configuring the identified one or more 
enforc e m e nt signal transferring devices to perform one or more functions selected from the 
group consisting of: blocking complete access to the network services by the identified one or 
more sources, blocking access by identified logical addresses only, blocking access by an 
identified access protocol only, limiting bandwidth, limiting exchanges to or from the identified 
one or more enforc e m e nt signal transferring devices, to or from one or more other network 
infrastructure devices, or to or from any of the attached functions not identified as an intrusion 
source, and directing all signals exchanged by the identified one or more sources to a honeypot, a 
s e cond an intrusion detection device function , a monitoring device, or a simulation device. 

1 1 . (Currently amended) The method as claimed in Claim 1 wherein the step of configuring the 
identified one or more e nforcem e nt signal transferring devices with one or more policy changes 
responsive to the detected intrusion includes the step of configuring the identified one or more 
e nforc e m e nt signal transferring devices to permit connectivity of the identified one or more 
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sources while dampening the level of activity associated with the identified one or more sources 
to minimize network harm while permitting analysis and auditing of the identified one or more 
sources and the gathering of forensic evidence. 

12. (Currently amended) The method as claimed in Claim 1 wherein the step of configuring the 
identified one or more e nforc e m e nt signal transferring devices with one or more policy changes 
includes the steps of first configuring a first set of the identified one or more enforc e m e nt signal 
transferring devices with a first set of one or more policy changes, monitoring the network 
system for intrusions and, upon detection of one or more intrusions related to the intrusions 
causing the first one or more policy changes, configuring a second set of the identified one or 
more e nforc e ment signal transferring devices with a second set of one or more policy changes. 

13. (Currently amended) The method as claimed in Claim 12 wherein one or more of the one or 
more e nforc e m e nt signal transferring devices of the second set are e nforc e m e nt signal 
transferring devices of the first set. 

14. (Currently amended) The method as claimed in Claim 1 wherein the identified one or more 
e nforcem e nt signal transferring devices are selected from the group consisting of network entry 
devices and centralized switching devices. 

15. (Currently amended) The method as claimed in Claim 1 wherein the one or more policy 
changes are configured on one or more ports of one or more of the identified one or more 
e nforc e m e nt signal transferring devices. 

16. (Currently amended) A Distributed Intrusion Response System (DIRS) to respond to the 
detection of an intrusion on a network system that provides network services, the network system 
including one or more attached functions and a network infrastructure including one or more 
network infrastructure devices , the DIRS comprising: 

a. a directory service function for receiving address information for attached 
functions and network infrastructure devices of th e n e twork infrastructur e; 
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b. a policy manager function for configuring one or more signal transferring devices 
of the network infrastructure with policies; and 

c. m e ans a function of the network infrastructure for identifying one or more sources 
of one or more intrusions^^and 

€h on e or more enforc e m e nt devic e s of th e n e twork infrastructur e , wherein eaeh-one 

or more of the one or more signal transferring devices e nforcem e nt d e vic e is 
configured to enforce policy changes established thereon by the policy manager 
function in response to one or more detected intrusions. 

17. (Currently amended) The DIRS as claimed in Claim 16 further comprising a policy decision 
function configured: 

a. to receive detected intrusion information from an intrusion detection function of 
the network infrastructure : 

b. to receive network infrastructure device information from the directory service 
function; 

c. to evaluate whether a policy change or changes is or are required on one or more 
of the se curity e nforc e m e nt signal transferring devices in response to the detected 
intrusion information; and 

d. to direct the policy manager function to configure one or more identified 
e nforc e m e nt signal transferring devices with determined policy changes upon 
deciding to do so based upon the evaluation. 

18. (Original) The DIRS as claimed in Claim 17 wherein the policy manager function and the 
policy decision function are part of a central server of the network infrastructure. 

19. (Original) The DIRS as claimed in Claim 18 wherein the directory service function is part of 
the central server. 

20. (Original) The DIRS as claimed in Claim 17 wherein the intrusion detection function is 
provided by an intrusion detection system of the network infrastructure. 
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21. (Original) The DIRS as claimed in Claim 17 wherein the intrusion detection function is a 
distributed intrusion detection function. 

22. (Original) The DIRS as claimed in Claim 17 wherein the intrusion detection function is a 
centralized intrusion detection function. 

23. (Currently amended) The DIRS as claimed in Claim 16 wherein the one or more n e twork 
s e curity e nforc e m e nt signal transferring devices is selected from the group consisting of routers, 
switches, access points, gateways, and firewalls. 

24. (Currently amended) The DIRS as claimed in Claim 46 17 further comprising a network 
management system for identifying address information for the n e twork s e curity e nforc e m e nt 
signal transferring devices. 

25. (Currently amended) The DIRS as claimed in Claim 24 wherein the network management 
system communicates with the intrusion detection function. 

26. (Original) The DIRS as claimed in Claim 16 wherein the directory service function is 
distributed among a plurality of devices of the network infrastructure. 

27. (Currently amended) The DIRS as claimed in Claim 16 further comprising a function m e ans 
to validate the accuracy of the identity of the identified one or more sources including a logical 
address, a physical address, or a location. 
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